1. 面向个人信息保护的对抗性图像扰动算法研究.
- Author
-
王涛, 马川, and 陈淑平
- Subjects
- *
ACHROMATISM , *ALGORITHMS , *DIFFERENTIAL evolution , *INFORMATION technology security , *INFORMATION technology , *PIXELS - Abstract
In order to protect personal information in images, this paper proposed an adversarial image perturbations algorithm to combat deep neural network, which could mine and discover personal image knowledge. It transformed the problem of adversarial example generation into a multi-objective optimization problem with constraints. Considering the classification confidence of the neural network, the location of the perturbed pixels and the chromatic aberration, this paper obtained the adversarial examples iteratively by using the differential evolution algorithm. On MNIST and CIF AR-10 dataset, based on deep neural network LeN et and ResN et, the algorithm generated the experiment of adversarial examples. This paper compared and analyzed the success rate, number of perturbation pixels, optimization effects and spatial characteristics of the adversarial examples. The results show that the proposed algorithm still can effectively combat the deep neural network in the case of few disturbed pixels ( the average number of perturbation pixels is 5) . The algorithm significantly optimizes the location and chromatic aberration of the perturbed pixels, so as to protect personal information without destroying the original image. This study is helpful to balance the relationship between information technology dividend sharing and personal information security, and provides technical support for the research of adversarial examples generation and classification spatial features in deep neural networks. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF